Thanks Jim! You know, now that I think about it, I should have Googled the DHCP question since it really was that and not particularly an ISA issue. Just goes to show how multifaceted youze guys are! Steve Comeau Associate Director of IT Rutgers Athletics 83 Rockafeller Road Piscataway, NJ 08854 732-445-7802 732-445-4623 (fax) www.scarletknights.com<http://www.scarletknights.com> [cid:image001.jpg@01C99CEB.2DF35860] From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Wednesday, March 04, 2009 4:51 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: DHCP VPN Questions To disable rogue DHCP detection: 1. add the following DWORD value in the DHCP server registry: a. Start Registry Editor (Regedt32.exe). b. Locate and click the following key in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Dhcpserver\Parameters c. On the Edit menu, click Add Value, and then add the following registry value: Value name: DisableRogueDetection Data type: REG_DWORD Radix: Binary Value data: (Hexadecimal) 1, which will be saved as 0x00000001 d. Quit Registry Editor. 2. From a command window, type a. Net stop dhcpsvc b. Net start dhcpsvc JimmyJoeBob Alooba Office 2007 on Win7 Beta From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steven Comeau Sent: Wednesday, March 04, 2009 6:57 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] DHCP VPN Questions I have ISA 2006 (on Server 2003, SP2, non-AD Domain) and have a DHCP server (internal) running to one of the NICs that I have for a Private network. To avoid the DHCP server from going offline - due to a request to be Authenticated when it senses an AD Domain on one of the other Private space NICs that does have a Active Directory (AD) Domain, in the System Policy Editor, I have disabled the DHCP Configuration group and placed a rule to allow the DHCP (Local Host) to receive/send DHCP requests/replies to the non-AD NIC. However, in doing that, whenever someone VPNS in, using the ISA server, I cannot get an IP address from the DHCP server on the AD NIC side (which is where I want to route VPN connections) - I get a 169 address. To get the VPN clients to receive an IP address on the AD side, should I create a rule to/from the VPN Clients to/from the AD side (request/reply) or to/from Local Host to/from the AD side. Again, I want to be able to use the DHCP server on the ISA server ONLY (Local Host) for the one Private network (the non-AD one) without it contacting the side with the AD Domain because it will shut off the DHCP server due to it being in an AD Domain but not Authenticated. Thanks. Steve Comeau Associate Director of IT Rutgers Athletics 83 Rockafeller Road Piscataway, NJ 08854 732-445-7802 732-445-4623 (fax) www.scarletknights.com<http://www.scarletknights.com> [cid:image001.jpg@01C99CEB.2DF35860] *** This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Rutgers University - DIA 83 Rockafeller Road Piscataway, NJ 08854 www.scarletknights.com *** *** This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Rutgers University - DIA 83 Rockafeller Road Piscataway, NJ 08854 www.scarletknights.com ***